Meta

Category: Work

Many years ago, when HTML3 and 4 were still widely used in the mid to late 1990s, it was a common practice to place HTML style comments, or in some cases CDATA comments inside the SCRIPT tag in an attempt to hide that content from browsers that could not process it. In those browsers the content (javascript source code) would sometimes be displayed on the page, making it quite a mess.

This practice is now obsolete, and often problematic as there are very few of those browsers in use today – primarily only for testing of legacy functionality.

If you have already started using HSTS to force users to your HTTPS website, the use of ‘preload’ is another simple addition as it only requires the addition of the keyword to the header.

Once done, you can either wait for your site to be identified (which can take a long time, or forever for less popular websites) or ideally, submit your hostname to be added to the lists preloaded in many modern browsers. The advantage here is that your users will never make a single request to your HTTP website and will automatically be directed to HTTPS.

While having history available with the simple use of the up arrow is a convenience feature common to most linux builds it can come with some risk. One such risk is when you have inadvertently typed a password instead of a command, or had to pipe credentials into a command.

Thankfully, you can clear the entire history with a variety of methods, the most common are below but others are available in the references.

I often have to install different languages/locales on Windows 7 to perform testing in different languages, unfortuately adding all of them into a single installation can take a lot of space, particularly when using a virtual machine.

Using the usual method to ‘remove installed software’ will remove updates, but leaves the languages in place, to completely remove them you must open a command prompt and execute the following:

LPKSETUP

Select the languages you wish to remove, and click continue… it will take a while, but the languages will be removed one at a time.

A relatively new HTTP Header that is supported by most modern browsers (except MSIE) is the “Referrer-Policy” header. There have been previous attempts to implement similar protections through use of the ‘rel’ (or ‘rev’) attributes on links to external websites. The latest approach takes a different approach and prevents leaking of internal URLs, and in some cases parameters, to external websites. This is important from a security perspective as you might maintain some sensitive information in your page urls, that would otherwise be inadvertently shared with an external website.

Clearly, you’ll need to determine your own level of security based upon your needs. Example: ‘no-referrer’ would be the most strict and would prevent the browser from sending the ‘Referer'(sic) header even to your own websites pages.

Implementation can be accomplished in many ways, the most simple being and addition to your HTTP server configuration similar to the one shown below for Apache 2.x:
Header always set Referrer-Policy strict-origin

While I’ve run various builds of Linux for many years, I still have to routinely test my work in Windows. While I often attempt to keep my laptops able to dual-boot into Windows, that only (realistically) supports only a single version of Windows. For older versions, I generally rely upon VirtualBox and can then have different configurations available when needed, while keeping my Linux apps open too!

Occasionally, I’ve had a virtual machine running a licensed copy of Windows 7 start warning that it is not activated. This can prove to be annoying for several reasons, as such I did some research and found that others have encountered the same problem and shared the below solutions.

First method:

Open a command prompt in Administrator mode.

Execute “slmgr -rearm”

NOTE: some sites tell you to locate and remove “slui.exe” – DO NOT DO THIS!

While the Guest session can be useful for some people, I’ve generally considered it to be security vulnerability as unauthorized users could gain physical access to some areas of your system that are not secured as well as they “should” be.

Additionally, the default behavior that allows for the username(s) to be stored and listed on the login screen are less than ideal.

If you are running a secure website, it’s a good idea to prevent non-secure assets from being included on your page. This can often happen through the use of content management system, or even through website vulnerabilities. A simple change in HTTP headers will help browsers to defend against them.

Content-Security-Policy: block-all-mixed-content

Most modern browsers, except MSIE, currently support this approach.
– Firefox 48+